CVE-2018-5704

Published: 16 January 2018

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.

Priority

Medium

CVSS 3 base score: 9.6

Status

| Package | Release | Status |
|---|---|---|
| openocd (Launchpad, Ubuntu, Debian) | Upstream | Released (0.10.0-4) |
| | Ubuntu 18.04 LTS (Bionic Beaver) | Not vulnerable (0.10.0-4) |
| | Ubuntu 16.04 ESM (Xenial Xerus) | Released (0.9.0-1+deb8u1build0.16.04.1) |
| | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was needed) |